Microsoft Opens Source Code To KGB's Successor Agency

Jack Spine writes "Microsoft has struck a deal with the Russian government which will give the FSB, successor to the KGB, access to the source code for Windows 7, among other products. The agreement is an extension of Microsoft's Government Security Program, according to a source with links to the UK government."

security holes of releasing source code

yay, so now the Russians will know all the holes in Windows 7 and how to exploit them, no?

Re:security holes of releasing source code

[TheRaven64]

They've already provided it to the Chinese (and the British, not sure who else). That means that the Russians and Chinese can look for and exploit holes in Windows. Last I heard (which, admittedly, was around 2002), the source code that they provide is not enough to build a complete Windows system, and the license does not permit building it, only reviewing it, so this only lets you find (but not fix) accidental flaws, not malicious ones.

Basically, they get all of the disadvantages of open source security, but none of the advantages.

Re:security holes of releasing source code

[roystgnr]

Yeah, but Russia probably signed the same "We promise to hack Google first" agreement that China did, so from Microsoft's perspective it's win/win.

Re:security holes of releasing source code

[morgan_greywolf]

Do you really think most countries have any interest in reviewing all the code in windows?

If you can't compile the code into a working binary using the same compiler that was used to produce the production binary because you're missing parts, then you can't be sure that the source code you have represents the binary you're using. You have take Microsoft's word for it, and it's not like the rep you're talking to is the actual guy who manages the build, so even he doesn't actually know for sure.

An incomplete set of source is absolutely useless for a true security audit.

I'm sure this will turn out well

[linzeal]

I'm more afraid of the FSB selling or having the code stolen from them by Russian hackers than the FSB actually doing anything. They are mostly incompetent hacks either leftover from the 90's or put there to be yes-men to Putin policy. Putin would not stack the deck against himself so he has cut out most of the intelligence in the intelligence agencies, that is why you get things like the recent spy swap debacle where they could not even penetrate a PTA meeting let alone the Pentagon.

FSB is not "the" successor to the KGB

[the+linux+geek]

The FSB is approximately a third of the total KGB capability, with the FSO and SVR being the other legs of the triumvirate. The FSB, being the replacement for the former First Chief Directorate, is mostly responsible for internal security (counterintelligence, counterterrorism, counterinsurgency, action against dissenters.) I don't see how this deal with Microsoft could possibly threaten the US or US interests, except possibly in a peripheral way.

In Soviet Russia...

[yanyan]

I give up. This is too easy.

Successor agency

[TrixX]

Shouldn't the successor to KGB be called LHC... oh!

As Stalin said

[gillbates]

Wasn't it Stalin who said, "The capitalists will sell us the rope we use to hang them."

Nice to know that Microsoft, after complaining for years that open source was insecure because anyone could see the code, is now providing same to Russia. Nothing quite like putting quarterly profits above national security.